2025-01-18 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
This article covers "the detailed construction course of WEB shooting range", that is, how to build several WEB practice ranges step by step. Many people have questions about building a range for day-to-day practice. The editor consulted a variety of materials and sorted out simple, easy-to-use methods, in the hope of answering those questions. Follow along below.
0x00 A brief introduction
A penetration-testing range is built on the idea "if you do not know the attack, how can you know the defense". It simulates real vulnerable environments so that users can keep training and improving their penetration-testing skills. This article introduces several popular WEB ranges.
0x01 PHPstudy
An enterprising penetration tester will have more than one range on their computer. To make them all run normally without interfering with each other, you have to configure a WEB server, and the configuration files of Apache, Tomcat and Nginx are enough to give anyone a headache. At this stage the focus of learning is penetration skills, so here we recommend a PHP site-building tool: phpstudy.
Without further ado, here are the links:
Download address: https://www.xp.cn/download.html
Installation tutorial: https://www.xp.cn/wenda/389.html
Building a site: https://www.xp.cn/wenda/394.html
Tip: the password of the database root account needs to be changed manually after the installation is completed.
In addition, the author seldom uses phpMyAdmin, phpstudy's default database management tool. Connecting with Navicat is recommended instead.
Finally, the WAMP combination is recommended (everything that follows is based on WAMP).
0x02 Build the SQLi-labs range
Project address: https://github.com/Audi-1/sqli-labs/
Download link: https://codeload.github.com/Audi-1/sqli-labs/zip/refs/heads/master
1 Download the project and extract it to disk
2 Create a site using phpstudy
Note:
The domain name can be anything, but it is required and must be unique (even if you do not use it)
If you do not want to access the site through the domain name, make sure that the port number is unique.
If you want to access the site through the domain name, check "synchronize hosts" (antivirus software may raise an alarm, just ignore it)
PHP version 5.4 is recommended
3 Modify db-creds.inc under the sql-connections directory
4 Open the browser, access the domain name, and click Setup/Reset Database to initialize the database
At this point the database has been initialized successfully. If you see a pile of errors, check whether the account and password are correct and whether the database service is running.
5 Test
Go back to the home page and click Less-1
The page asks for a numeric ID as a parameter, so try passing one as a GET parameter.
The range is operating normally!
0x03 Build the DVWA range
With the above groundwork in place, the following steps are covered more quickly.
Project address: https://codeload.github.com/digininja/DVWA/zip/master
1 Download and extract
2 Enter the config directory, copy the file and remove the dist suffix
3 Open config.inc.php
Since some readers are not familiar with databases, using the root account is recommended.
4 Create a site using phpstudy
5 Access the domain name
DVWA's setup check indicates that some functions are not enabled.
6 Enable the URL include function
Open the PHP configuration file php.ini (make sure to open the one for the same PHP version as the site is configured to use)
Search for allow_url_include; you can see that it is Off at this point.
Change Off to On
7 Return to the home page and restart the WEB server
8 Return to the browser and refresh the page
The environment check now passes
9 Click Create/Reset Database to initialize the database
10 Click login
DVWA's default account and password are: admin / password
11 Successfully logged in to the DVWA range
0x04 Build the upload-labs range
Project official website: https://github.com/c0ny1/upload-labs
Project source code: https://codeload.github.com/c0ny1/upload-labs/zip/refs/tags/0.1
Description: this range needs part of the configuration to be modified, which may conflict with other ranges. If you do not want to be tortured by inexplicable problems, you can use the ready-made environment provided by the author (which uses a separate set of WEB configuration), but you need to pay extra attention to port conflicts and similar issues.
If you don't want to do it yourself, skip ahead to step 6 of this section.
Both ranges above distinguish sites by different domain names on the same port. This one distinguishes the site by a different port.
1 Download and extract the file
Create an upload directory under the root directory
2 Pay attention to the notes on the official website
The recommended PHP version is 5.2.17. Enable the gd2 and exif extensions and set Apache to connect in module mode
3 Create a site using phpstudy
Note: the port number is 23333 this time
4 Enable the PHP extensions
Check the gd2 extension and the exif extension (click the corresponding extension name to turn it on / off)
5 Set Apache to connect in module mode
Note: this option cannot be set when there are multiple sites in the system (especially with different PHP versions). This step is only shown as a demonstration.
Locate php5apache2_2.dll
Open the Apache configuration file httpd.ini
Add the configuration
Restart the WEB server
6 Open the site to test it
OK, we can call it a day.
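A check for the php.ini changes made above (allow_url_include for DVWA in 0x03, the gd2 and exif extensions for upload-labs in 0x04), as an added example that is not part of the original article: a small Python parser that reads a php.ini and lists which of those settings are still missing. The sample php.ini text is constructed, and the extension file names assume the Windows php_<name>.dll convention.

```python
import re
import sys

TRUE_VALUES = {"1", "on", "true", "yes"}

# Constructed sample (not from the article): one directive set twice,
# one extension enabled, one still commented out.
SAMPLE_INI = """\
[PHP]
allow_url_fopen = On
allow_url_include = Off   ; shipped default
extension=php_gd2.dll
;extension=php_exif.dll
allow_url_include = On
"""

def parse_php_ini(text):
    """Return (directives, extensions). A later duplicate overrides an earlier one."""
    directives, extensions = {}, set()
    for raw in text.splitlines():
        # ';' starts a comment (simplification: ';' inside quoted values is not handled)
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        value = value.strip("\"'")
        if key.lower() == "extension":
            # Assumed Windows naming: php_gd2.dll -> gd2
            extensions.add(re.sub(r"^php_|\.dll$", "", value.lower()))
        else:
            directives[key.lower()] = value
    return directives, extensions

def audit(text, need_on=("allow_url_include",), need_ext=("gd2", "exif")):
    """List the range prerequisites from this article that the php.ini lacks."""
    directives, extensions = parse_php_ini(text)
    missing = [n for n in need_on
               if directives.get(n, "").lower() not in TRUE_VALUES]
    missing += ["extension:" + e for e in need_ext if e not in extensions]
    return missing

if __name__ == "__main__":
    # Pass the path of the php.ini used by the site, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_INI
    print("missing:", audit(text) or "nothing")
```

Run it against the php.ini of the PHP version the site actually uses. Because allow_url_include = On is a deliberate weakening for the range, a php.ini that passes this check should not be reused for a real site.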
0x05 END
Once the ranges are built, practice on them again and again.
I hope you will all become red team leaders as soon as possible.
That concludes "the detailed construction course of WEB shooting range". I hope it has answered your questions. Combining theory with practice is the best way to learn, so go and try it! If you want to learn more on related topics, keep following the website; the editor will keep working to bring you more practical articles.